Page 202 - BAM ONE REPORT 2564 (ENGLISH VERSION)
Part 2
Corporate Governance
approved an organization restructuring to accommodate the long-term strategic plan by reorganizing the back-office group and additionally setting up the “Corporate Governance and Risk Management Group” to elevate the governance, risk and compliance (GRC) operations, consisting of Corporate Governance and Compliance Department and Risk Management Department.

1.3 Determination of the scope of authority, duties and responsibilities of the Board of Directors, the Audit Committee, and Chief Executive Officer, and determination of the approval authority for the Company’s operations and transactions.

1.4 Giving of importance to the integration of GRC operations of work units in the first, second and third lines in order to move the organization towards sustainable growth.

1.5 Formulation of the governance, risk and compliance (GRC) policy.

1.6 Preparation of handbooks for good corporate governance and corporate social responsibility, business ethics, and corporate governance practices, such as provision of complaint channels, reporting of conflict of interest, and the Company being approved to participate in Thailand’s Private Sector Collective Action Coalition Against Corruption (“CAC”), which enables the Company to attain the corporate governance standards and achieve efficient management and also helps to boost employees’ morale and good spirit in performing the assigned duties to their full capacity.

1.7 Creation of tools for the Company’s human resource development reporting in order to develop employees’ capabilities that align with the Company’s operational direction.

1.8 Giving of importance to data governance by appointing the Data Governance Working Committee to supervise and oversee the Company’s data management to be carried on appropriately and efficiently.

1.9 Formulation of the data governance policy and the data governance guidelines.

1.10 Upgrade of risk management work into Risk Management Department, consisting of Enterprise Risk Management Division, Risk Management and Information Technology Regulation Governance Division, and Personal Data Protection Supporting Division, in order to elevate risk management to the international standard, which is under the supervision of Corporate Governance and Risk Management Group.

1.11 Formulation of the outsourcing guidelines for all departments to abide by.

1.12 Review and revision of the enterprise risk management policy, covering six key risk categories which are strategic risk, operational risk, financial risk, compliance risk, reputation risk, and information technology risk, in order to manage risks to stay at the risk appetite level of the Company.

1.13 Formulation of the IT risk management policy and the IT risk management guidelines in order to raise the Company’s IT risk management standard.

1.14 Determination of IT key risk indicators (IT KRIs) in order to follow up on the outcomes of IT risk management to align with BAM digital enterprise development (BAM-D).

1.15 Formulation of the IT outsourcing guidelines for all departments to use as a basis for their IT risk assessment and to be aware of the Company’s IT security.

